NOTE: This kernel update marks the final planned kernel securityupdate for the 2.6.18 kernel in the Debian release 'etch'.Although security support for 'etch' officially ended onFeburary 15th, 2010, this update was already in preparationbefore that date. A final update that includes fixes for theseissues in the 2.6.24 kernel is also in preparation and will bereleased shortly.

Several vulnerabilities have been discovered in the Linux kernel thatmay lead to a denial of service or privilege escalation. The CommonVulnerabilities and Exposures project identifies the followingproblems:

CVE-2009-3080

Dave Jones reported an issue in the gdth SCSI driver. A missing check for negative offsets in an ioctl call could be exploited by local users to create a denial of service or potentially gain elevated privileges.

CVE-2009-3726

Trond Myklebust reported an issue where a malicious NFS server could cause a denial of service condition on its clients by returning incorrect attributes during an open call.

CVE-2009-4005

Roel Kluin discovered an issue in the hfc_usb driver, an ISDN driver for Colognechip HFC-S USB chip. A potential read overflow exists which may allow remote users to cause a denial of service condition (oops).

CVE-2009-4020

Amerigo Wang discovered an issue in the HFS filesystem that would allow a denial of service by a local user who has sufficient privileges to mount a specially crafted filesystem.

CVE-2009-4021

Anana V. Avati discovered an issue in the fuse subsystem. If the system is sufficiently low on memory, a local user can cause the kernel to dereference an invalid pointer resulting in a denial of service (oops) and potentially an escalation of privileges.

Florian Westphal reported a lack of capability checking in the ebtables netfilter subsystem. If the ebtables module is loaded, local users can add and modify ebtables rules.

CVE-2010-0410

Sebastian Krahmer discovered an issue in the netlink connector subsystem that permits local users to allocate large amounts of system memory resulting in a denial of service (out of memory).

CVE-2010-0415

Ramon de Carvalho Valle discovered an issue in the sys_move_pages interface, limited to amd64, ia64 and powerpc64 flavors in Debian. Local users can exploit this issue to cause a denial of service (system crash) or gain access to sensitive kernel memory.

CVE-2010-0622

Jermome Marchand reported an issue in the futex subsystem that allows a local user to force an invalid futex state which results in a denial of service (oops).

This update also fixes a regression introduced by a previous securityupdate that caused problems booting on certain s390 systems.

For the oldstable distribution (etch), this problem has been fixed inversion 2.6.18.dfsg.1-26etch2.

We recommend that you upgrade your linux-2.6, fai-kernels, anduser-mode-linux packages.

The following matrix lists additional source packages that were rebuilt forcompatability with or to take advantage of this update: